From 056b5c68b97b5d20c3fff525fc2ac53669307069 Mon Sep 17 00:00:00 2001
From: mherman22
Date: Fri, 24 May 2024 03:12:13 +0300
Subject: [PATCH] add the new openelis frontend aswell
---
configs/hapi/properties/hapi_application.yaml | 215 ++++++++++++++++++
configs/nginx/nginx-prod.conf | 39 ++++
configs/nginx/nginx.conf | 51 +++++
docker-compose-gsoc-test.yml | 147 +++++++-----
4 files changed, 394 insertions(+), 58 deletions(-)
create mode 100644 configs/hapi/properties/hapi_application.yaml
create mode 100644 configs/nginx/nginx-prod.conf
create mode 100644 configs/nginx/nginx.conf
diff --git a/configs/hapi/properties/hapi_application.yaml b/configs/hapi/properties/hapi_application.yaml
new file mode 100644
index 0000000..9047ed4
--- /dev/null
+++ b/configs/hapi/properties/hapi_application.yaml
@@ -0,0 +1,215 @@
+#Adds the option to go to eg. http://localhost:8080/actuator/health for seeing the running configuration
+#see https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints
+management:
+ endpoints:
+ web:
+ exposure:
+ include: "health,prometheus"
+spring:
+ main:
+ allow-circular-references: true
+ #allow-bean-definition-overriding: true
+ flyway:
+ enabled: false
+ check-location: false
+ baselineOnMigrate: true
+ datasource:
+ url: 'jdbc:postgresql://database:5432/clinlims?currentSchema=clinlims'
+ #url: jdbc:h2:mem:test_mem
+ username: clinlims
+ password: clinlims
+
+ driverClassName: org.postgresql.Driver
+ max-active: 15
+
+ # database connection pool size
+ hikari:
+ maximum-pool-size: 10
+ jpa:
+ properties:
+ hibernate.format_sql: false
+ hibernate.show_sql: false
+
+ #Hibernate dialect is automatically detected except Postgres and H2.
+ #If using H2, then supply the value of ca.uhn.fhir.jpa.model.dialect.HapiFhirH2Dialect
+ #If using postgres, then supply the value of ca.uhn.fhir.jpa.model.dialect.HapiFhirPostgres94Dialect
+ hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect
+ hibernate.hbm2ddl.auto: update
+ # hibernate.jdbc.batch_size: 20
+ # hibernate.cache.use_query_cache: false
+ # hibernate.cache.use_second_level_cache: false
+ # hibernate.cache.use_structured_entries: false
+ # hibernate.cache.use_minimal_puts: false
+
+ ### These settings will enable fulltext search with lucene or elastic
+ hibernate.search.enabled: true
+ ### lucene parameters
+# hibernate.search.backend.type: lucene
+# hibernate.search.backend.analysis.configurer: ca.uhn.fhir.jpa.search.HapiHSearchAnalysisConfigurers$HapiLuceneAnalysisConfigurer
+# hibernate.search.backend.directory.type: local-filesystem
+# hibernate.search.backend.directory.root: target/lucenefiles
+# hibernate.search.backend.lucene_version: lucene_current
+ ### elastic parameters ===> see also elasticsearch section below <===
+# hibernate.search.backend.type: elasticsearch
+# hibernate.search.backend.analysis.configurer: ca.uhn.fhir.jpa.search.HapiHSearchAnalysisConfigurers$HapiElasticAnalysisConfigurer
+hapi:
+ fhir:
+
+ ### This enables the swagger-ui at /fhir/swagger-ui/index.html as well as the /fhir/api-docs (see https://hapifhir.io/hapi-fhir/docs/server_plain/openapi.html)
+ openapi_enabled: true
+ ### This is the FHIR version. Choose between, DSTU2, DSTU3, R4 or R5
+ fhir_version: R4
+ ### This flag when enabled to true, will avail evaluate measure operations from CR Module.
+ ### Flag is false by default, can be passed as command line argument to override.
+ cr_enabled: "${CR_ENABLED: false}"
+ ### enable to use the ApacheProxyAddressStrategy which uses X-Forwarded-* headers
+ ### to determine the FHIR server address
+ # use_apache_address_strategy: false
+ ### forces the use of the https:// protocol for the returned server address.
+ ### alternatively, it may be set using the X-Forwarded-Proto header.
+ # use_apache_address_strategy_https: false
+ ### enables the server to host content like HTML, css, etc. under the url pattern of /static/**
+ ### the deepest folder level will be used. E.g. - if you put file:/foo/bar/bazz as value then the files are resolved under /static/bazz/**
+ #staticLocation: file:/foo/bar/bazz
+ ### enable to set the Server URL
+ server_address: https://fhir.openelis.org:8443/fhir/
+ # defer_indexing_for_codesystems_of_size: 101
+ # install_transitive_ig_dependencies: true
+ ### tells the server whether to attempt to load IG resources that are already present
+ # reload_existing_implementationGuides : false
+ # implementationguides:
+ ### example from registry (packages.fhir.org)
+ # swiss:
+ # name: swiss.mednet.fhir
+ # version: 0.8.0
+ # example not from registry
+ # ips_1_0_0:
+ # url: https://build.fhir.org/ig/HL7/fhir-ips/package.tgz
+ # name: hl7.fhir.uv.ips
+ # version: 1.0.0
+ # supported_resource_types:
+ # - Patient
+ # - Observation
+ ##################################################
+ # Allowed Bundle Types for persistence (defaults are: COLLECTION,DOCUMENT,MESSAGE)
+ ##################################################
+ # allowed_bundle_types: COLLECTION,DOCUMENT,MESSAGE,TRANSACTION,TRANSACTIONRESPONSE,BATCH,BATCHRESPONSE,HISTORY,SEARCHSET
+ # allow_cascading_deletes: true
+ # allow_contains_searches: true
+ allow_external_references: true
+ # allow_multiple_delete: true
+ # allow_override_default_search_params: true
+ auto_create_placeholder_reference_targets: true
+ ### tells the server to automatically append the current version of the target resource to references at these paths
+ # auto_version_reference_at_paths: Device.patient, Device.location, Device.parent, DeviceMetric.parent, DeviceMetric.source, Observation.device, Observation.subject
+ # cr_enabled: true
+ # ips_enabled: false
+ # default_encoding: JSON
+ default_pretty_print: false
+ default_page_size: 100
+ # delete_expunge_enabled: true
+ # enable_repository_validating_interceptor: true
+ # enable_index_missing_fields: false
+ # enable_index_of_type: true
+ # enable_index_contained_resource: false
+ ### !!Extended Lucene/Elasticsearch Indexing is still a experimental feature, expect some features (e.g. _total=accurate) to not work as expected!!
+ ### more information here: https://hapifhir.io/hapi-fhir/docs/server_jpa/elastic.html
+ advanced_lucene_indexing: false
+ bulk_export_enabled: false
+ bulk_import_enabled: false
+ # enforce_referential_integrity_on_delete: false
+ # This is an experimental feature, and does not fully support _total and other FHIR features.
+ # enforce_referential_integrity_on_delete: false
+ # enforce_referential_integrity_on_write: false
+ # etag_support_enabled: true
+ # expunge_enabled: true
+ # client_id_strategy: ALPHANUMERIC
+ fhirpath_interceptor_enabled: false
+ # filter_search_enabled: true
+ # graphql_enabled: true
+ narrative_enabled: false
+ # mdm_enabled: true
+ # local_base_urls:
+ # - https://hapi.fhir.org/baseR4
+ mdm_enabled: false
+ # partitioning:
+ # allow_references_across_partitions: false
+ # partitioning_include_in_search_hashes: false
+ cors:
+ allow_Credentials: true
+ # These are allowed_origin patterns, see: https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/web/cors/CorsConfiguration.html#setAllowedOriginPatterns-java.util.List-
+ allowed_origin:
+ - '*'
+
+ # Search coordinator thread pool sizes
+ search-coord-core-pool-size: 20
+ search-coord-max-pool-size: 100
+ search-coord-queue-capacity: 200
+
+ # comma-separated package names, will be @ComponentScan'ed by Spring to allow for creating custom Spring beans
+ #custom-bean-packages:
+
+ # comma-separated list of fully qualified interceptor classes.
+ # classes listed here will be fetched from the Spring context when combined with 'custom-bean-packages',
+ # or will be instantiated via reflection using an no-arg contructor; then registered with the server
+ #custom-interceptor-classes:
+
+ # Threadpool size for BATCH'ed GETs in a bundle.
+ # bundle_batch_pool_size: 10
+ # bundle_batch_pool_max_size: 50
+
+ # logger:
+ # error_format: 'ERROR - ${requestVerb} ${requestUrl}'
+ # format: >-
+ # Path[${servletPath}] Source[${requestHeader.x-forwarded-for}]
+ # Operation[${operationType} ${operationName} ${idOrResourceName}]
+ # UA[${requestHeader.user-agent}] Params[${requestParameters}]
+ # ResponseEncoding[${responseEncodingNoDefault}]
+ # log_exceptions: true
+ # name: fhirtest.access
+ # max_binary_size: 104857600
+ max_page_size: 200
+ retain_cached_searches_mins: 60
+ reuse_cached_search_results_millis: 1
+ tester:
+ home:
+ name: OE adjacent FHIR Store
+ server_address: 'https://fhir.openelis.org:8443/fhir/'
+ refuse_to_fetch_third_party_urls: false
+ fhir_version: R4
+ # validation:
+ # requests_enabled: true
+ # responses_enabled: true
+ # binary_storage_enabled: true
+ inline_resource_storage_below_size: 4000
+# bulk_export_enabled: true
+ subscription:
+ resthook_enabled: true
+# websocket_enabled: false
+# email:
+# from: some@test.com
+# host: google.com
+# port:
+# username:
+# password:
+# auth:
+# startTlsEnable:
+# startTlsRequired:
+# quitWait:
+# lastn_enabled: true
+# store_resource_in_lucene_index_enabled: true
+### This is configuration for normalized quantity search level default is 0
+### 0: NORMALIZED_QUANTITY_SEARCH_NOT_SUPPORTED - default
+### 1: NORMALIZED_QUANTITY_STORAGE_SUPPORTED
+### 2: NORMALIZED_QUANTITY_SEARCH_SUPPORTED
+# normalized_quantity_search_level: 2
+#elasticsearch:
+# debug:
+# pretty_print_json_log: false
+# refresh_after_write: false
+# enabled: false
+# password: SomePassword
+# required_index_status: YELLOW
+# rest_url: 'localhost:9200'
+# protocol: 'http'
+# schema_management_strategy: CREATE
diff --git a/configs/nginx/nginx-prod.conf b/configs/nginx/nginx-prod.conf
new file mode 100644
index 0000000..5ce3609
--- /dev/null
+++ b/configs/nginx/nginx-prod.conf
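Review bot: The `cors` block of `hapi_application.yaml` pairs `allow_Credentials: true` with an `allowed_origin` entry of `'*'`, and the comment above it says these entries are treated as origin patterns, so the server would presumably grant credentialed CORS access to the FHIR store from any requesting origin. List only the origins that need browser access, e.g. `allowed_origin:` followed by `- 'https://<frontend-host>'` (placeholder), or set `allow_Credentials: false` if a wildcard is really required. The `datasource` block also commits `username: clinlims` / `password: clinlims` in clear text; a property placeholder such as `password: "${DB_PASSWORD}"` (variable name is a placeholder) would keep the credential out of the repository.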
@@ -0,0 +1,39 @@
+worker_processes 1;
+
+events { worker_connections 1024; }
+http {
+ server {
+ listen 80;
+ server_name _;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen [::]:443 ssl;
+ listen 443 ssl default;
+ server_name __;
+
+ ssl_certificate /etc/nginx/certs/apache-selfsigned.crt;
+ ssl_certificate_key /etc/nginx/keys/apache-selfsigned.key;
+
+ proxy_set_header X-Forwarded-For $proxy_protocol_addr; # To forward the original client's IP address
+ proxy_set_header X-Forwarded-Proto $scheme; # to forward the original protocol (HTTP or HTTPS)
+ proxy_set_header Host $host; # to forward the original host requested by the client
+
+ absolute_redirect off;
+
+ location / {
+ proxy_pass http://frontend.openelis.org;
+ proxy_redirect off;
+ }
+
+ location /api/ {
+ proxy_pass https://oe.openelis.org:8443/api/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ }
+ }
+}
diff --git a/configs/nginx/nginx.conf b/configs/nginx/nginx.conf
new file mode 100644
index 0000000..6a9f373
--- /dev/null
+++ b/configs/nginx/nginx.conf
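Review bot: `proxy_set_header X-Forwarded-For $proxy_protocol_addr;` in the 443 server block will send an empty value, because `$proxy_protocol_addr` is only populated when a `listen` directive carries the `proxy_protocol` parameter and neither `listen` line here does. In addition, `location /api/` declares its own `proxy_set_header` lines, and nginx then stops inheriting the server-level ones, so `X-Forwarded-Proto` is never sent to the OpenELIS backend. Use `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` at server level and add `proxy_set_header X-Forwarded-Proto $scheme;` inside `location /api/`, so backend logs and any address-based checks see the real client. The same lines appear in `configs/nginx/nginx.conf`.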
@@ -0,0 +1,51 @@
+worker_processes 1;
+
+events { worker_connections 1024; }
+http {
+ server {
+ listen 80;
+ server_name _;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen [::]:443 ssl;
+ listen 443 ssl default;
+ server_name __;
+
+ ssl_certificate /etc/nginx/certs/apache-selfsigned.crt;
+ ssl_certificate_key /etc/nginx/keys/apache-selfsigned.key;
+
+ proxy_set_header X-Forwarded-For $proxy_protocol_addr; # To forward the original client's IP address
+ proxy_set_header X-Forwarded-Proto $scheme; # to forward the original protocol (HTTP or HTTPS)
+ proxy_set_header Host $host; # to forward the original host requested by the client
+
+ absolute_redirect off;
+
+ location / {
+ #Redirecting to the Front end on host machine
+ #On linux
+ #proxy_pass https://172.17.0.1:3000;
+ #On Mac
+ #proxy_pass https://host.docker.internal:3000;
+ #In docker
+ proxy_pass https://frontend.openelis.org:3000;
+ proxy_redirect off;
+ }
+
+ location /api/ {
+ #Redirecting to OpenELIS server on host machine
+ #On linux
+ #proxy_pass https://172.17.0.1:8443/api/;
+ #On Mac
+ #proxy_pass https://host.docker.internal:8443/api/;
+ #In docker
+ proxy_pass https://oe.openelis.org:8443/api/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ }
+ }
+}
diff --git a/docker-compose-gsoc-test.yml b/docker-compose-gsoc-test.yml
index ade7498..99dcc53 100644
--- a/docker-compose-gsoc-test.yml
+++ b/docker-compose-gsoc-test.yml
@@ -1,8 +1,5 @@ -version: '3.8' - services: -#OpenHIM -IOL mongo: container_name: openhim-mongo ports:
@@ -10,7 +7,7 @@ services: image: mongo:3.4 networks: - hie - + openhim-core: container_name: openhim-core image: jembi/openhim-core:v7.1.0
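Review bot: Both `proxy_pass https://…` upstreams in `configs/nginx/nginx.conf` (`frontend.openelis.org:3000` and `oe.openelis.org:8443`) are contacted without certificate verification, since nginx leaves `proxy_ssl_verify` off unless told otherwise, so the hop behind the proxy is encrypted but not authenticated. If the backends use the certificates produced by the `certs` container, mount that CA and add `proxy_ssl_verify on;` together with `proxy_ssl_trusted_certificate <path-to-ca.pem>;` (path is a placeholder). The `/api/` location in `configs/nginx/nginx-prod.conf` has the same gap. A header comment saying that this file is the development variant would also help, e.g. `# dev proxy config; docker-compose-gsoc-test.yml mounts nginx-prod.conf`.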
@@ -34,31 +31,31 @@ services: - "5050:5050" - "5051:5051" - "5052:5052" - - "7788:7788" + - "7788:7788" networks: - hie labels: - - 'traefik.enable=true' - - 'traefik.docker.network=sigdep3_hie' - - 'traefik.http.services.openhim-api.loadbalancer.server.port=8080' - - 'traefik.http.services.openhim-api.loadbalancer.server.scheme=https' - - 'traefik.http.routers.openhim-api.service=openhim-api' - - 'traefik.http.routers.openhim-api.tls=true' - - 'traefik.http.routers.openhim-api.entrypoints=web-secure' - - 'traefik.http.routers.openhim-api.rule=Host(`test2.cihis.org`) && PathPrefix(`/openhimcomms`)' - - 'traefik.http.routers.openhim-api.middlewares=openhim-api' - - 'traefik.http.middlewares.openhim-api.stripprefix.prefixes=/openhimcomms' - - 'traefik.http.middlewares.openhim-api.stripprefix.forceSlash=false' - - - 'traefik.http.services.openhim-ssl.loadbalancer.server.port=5000' - - 'traefik.http.services.openhim-ssl.loadbalancer.server.scheme=https' - - 'traefik.http.routers.openhim-ssl.service=openhim-ssl' - - 'traefik.http.routers.openhim-ssl.tls=true' - - 'traefik.http.routers.openhim-ssl.entrypoints=web-secure' - - 'traefik.http.routers.openhim-ssl.rule=Host(`test2.cihis.org`) && PathPrefix(`/openhimcore`)' - - 'traefik.http.routers.openhim-ssl.middlewares=openhim-ssl' - - 'traefik.http.middlewares.openhim-ssl.stripprefix.prefixes=/openhimcore' - - 'traefik.http.middlewares.openhim-ssl.stripprefix.forceSlash=false' + - 'traefik.enable=true' + - 'traefik.docker.network=sigdep3_hie' + - 'traefik.http.services.openhim-api.loadbalancer.server.port=8080' + - 'traefik.http.services.openhim-api.loadbalancer.server.scheme=https' + - 'traefik.http.routers.openhim-api.service=openhim-api' + - 'traefik.http.routers.openhim-api.tls=true' + - 'traefik.http.routers.openhim-api.entrypoints=web-secure' + - 'traefik.http.routers.openhim-api.rule=Host(`test2.cihis.org`) && PathPrefix(`/openhimcomms`)' + - 'traefik.http.routers.openhim-api.middlewares=openhim-api' + - 
'traefik.http.middlewares.openhim-api.stripprefix.prefixes=/openhimcomms' + - 'traefik.http.middlewares.openhim-api.stripprefix.forceSlash=false' + + - 'traefik.http.services.openhim-ssl.loadbalancer.server.port=5000' + - 'traefik.http.services.openhim-ssl.loadbalancer.server.scheme=https' + - 'traefik.http.routers.openhim-ssl.service=openhim-ssl' + - 'traefik.http.routers.openhim-ssl.tls=true' + - 'traefik.http.routers.openhim-ssl.entrypoints=web-secure' + - 'traefik.http.routers.openhim-ssl.rule=Host(`test2.cihis.org`) && PathPrefix(`/openhimcore`)' + - 'traefik.http.routers.openhim-ssl.middlewares=openhim-ssl' + - 'traefik.http.middlewares.openhim-ssl.stripprefix.prefixes=/openhimcore' + - 'traefik.http.middlewares.openhim-ssl.stripprefix.forceSlash=false' openhim-console: container_name: openhim-console 
@@ -71,20 +68,19 @@ services: timeout: 60s retries: 3 ports: - - "9000:80" + - "9000:80" labels: - - 'traefik.enable=true' - - 'traefik.docker.network=sigdep3_hie' - - 'traefik.http.services.openhim-console.loadbalancer.server.port=80' - - 'traefik.http.services.openhim-console.loadbalancer.server.scheme=http' - - 'traefik.http.routers.openhim-console.service=openhim-console' - - 'traefik.http.routers.openhim-console.tls=true' - - 'traefik.http.routers.openhim-console.entrypoints=web-secure' - - 'traefik.http.routers.openhim-console.rule=Host(`test2.cihis.org`)' + - 'traefik.enable=true' + - 'traefik.docker.network=sigdep3_hie' + - 'traefik.http.services.openhim-console.loadbalancer.server.port=80' + - 'traefik.http.services.openhim-console.loadbalancer.server.scheme=http' + - 'traefik.http.routers.openhim-console.service=openhim-console' + - 'traefik.http.routers.openhim-console.tls=true' + - 'traefik.http.routers.openhim-console.entrypoints=web-secure' + - 'traefik.http.routers.openhim-console.rule=Host(`test2.cihis.org`)' networks: - hie - # Loads Default OpenHIM Config openhim-config: container_name: openhim-config image: ghcr.io/i-tech-uw/openhim-config:v0.0.0 @@ -93,9 +89,6 @@ services: networks: - hie -### - # OpenCR - Client Registry - ### opencr: container_name: opencr hostname: opencr @@ -117,13 +110,13 @@ services: - 'traefik.http.routers.opencr.tls=true' - 'traefik.http.routers.opencr.entrypoints=web-secure' - 'traefik.http.services.opencr.loadbalancer.server.port=3000' - - 'traefik.http.routers.opencr.rule=Host(`test2.cihis.org`) && PathPrefix(`/crux`) || PathPrefix(`/ocrux`)' + - 'traefik.http.routers.opencr.rule=Host(`test2.cihis.org`) && PathPrefix(`/crux`) || PathPrefix(`/ocrux`)' - 'traefik.http.services.opencr.loadbalancer.server.scheme=http' - 'traefik.http.routers.opencr.service=opencr' networks: - hie ports: - - 3000:3000 + - 3000:3000 opencr-fhir: image: hapiproject/hapi:v5.5.1 
@@ -166,10 +159,6 @@ services: networks: - hie - # OpenELIS Setup - #### - # OpenELIS - #### certs: container_name: oe-certs image: ghcr.io/i-tech-uw/certgen:main @@ -184,20 +173,28 @@ services: database: container_name: openelisglobal-database - image: postgres:9.5 + image: postgres:14.4 ports: - - "15432:5432" + - "15432:5432" restart: always env_file: - ./configs/openelis/database/database.env volumes: # preserves the database between containers - - db-data:/var/lib/postgresql/data - # files here will run on install + - db-data:/var/lib/postgresql/data # files here will run on install - ./configs/openelis/database/dbInit:/docker-entrypoint-initdb.d healthcheck: - test: ["CMD", "pg_isready", "-q", "-d", "clinlims", "-U", "clinlims"] + test: + [ + "CMD", + "pg_isready", + "-q", + "-d", + "clinlims", + "-U", + "clinlims" + ] timeout: 45s interval: 10s retries: 10 @@ -207,12 +204,12 @@ services: image: ghcr.io/i-tech-uw/openelis-global-2:develop depends_on: - database + - certs ports: - - "8443:8443" + - "8443:8443" restart: always environment: - - TZ=Africa/Nairobi - # context.xml doesn't seem to be able to pick up environment variables directly, so we are passing them in as CATALINA_OPTS + - TZ=Africa/Nairobi # context.xml doesn't seem to be able to pick up environment variables directly, so we are passing them in as CATALINA_OPTS - CATALINA_OPTS= -Ddatasource.url=jdbc:postgresql://database:5432/clinlims -Ddatasource.username=clinlims -Ddatasource.password=clinlims volumes: - key_trust-store-volume:/etc/openelis-global 
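Review bot: The `database` image jumps from `postgres:9.5` to `postgres:14.4` while the `db-data` volume is kept, and a PostgreSQL 14 server will refuse to start on a data directory initialised by 9.5. Existing deployments need a dump and restore (or `pg_upgrade`) before this image is rolled out, which is worth a comment next to the image line, e.g. `# major upgrade: migrate db-data from 9.5 before first start`. The service still publishes `"15432:5432"` on all host interfaces while the healthcheck and `CATALINA_OPTS` show the `clinlims`/`clinlims` account; binding to loopback with `- "127.0.0.1:15432:5432"` would keep the database off the network.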
@@ -222,30 +219,64 @@ services: - source: datasource.password - source: common.properties - fhir.openelis.org: container_name: external-fhir-api - image: hapiproject/hapi:v5.5.1 - # ports: - # - "8081:8080" + image: hapiproject/hapi:v6.6.0-tomcat + depends_on: + - database + - certs + ports: + - "8085:8080" + - "8444:8443" + networks: + - hie restart: always environment: - hapi.fhir.auto_create_placeholder_reference_targets=true - hapi.fhir.allow_placeholder_references=true - hapi.fhir.allow_external_references=true + secrets: + - source: hapi_application.yaml + + frontend.openelis.org: + image: itechuw/openelis-global-2-frontend:develop + container_name: openelisglobal-front-end + networks: + - hie + environment: + - CHOKIDAR_USEPOLLING=true + tty: true + + proxy: + image: nginx:1.15-alpine + container_name: openelisglobal-proxy + ports: + - 80:80 + - 443:443 + volumes: + - certs-vol:/etc/nginx/certs/ + - keys-vol:/etc/nginx/keys/ + - ./configs/nginx/nginx-prod.conf:/etc/nginx/nginx.conf:ro + networks: + - hie + restart: unless-stopped + depends_on: + - certs secrets: datasource.password: file: ./configs/openelis/properties/datasource.password common.properties: file: ./configs/openelis/properties/common.properties + hapi_application.yaml: + file: ./configs/hapi/properties/hapi_application.yaml volumes: db-data: key_trust-store-volume: certs-vol: certs: - keys-vol: + keys-vol: networks: hie:
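Review bot: The new `ports:` entries on `fhir.openelis.org` (`"8085:8080"`, `"8444:8443"`) publish the HAPI server on every host interface, including plain HTTP on 8085, where the previous revision kept the mapping commented out; nothing visible in this patch puts authentication in front of that API. Unless direct host access is required, drop the mapping and let containers reach it over the `hie` network, or bind it to loopback, e.g. `- "127.0.0.1:8085:8080"`. The `hapi_application.yaml` secret is mounted, but no visible line (such as a `SPRING_CONFIG_LOCATION` entry under `environment:`) tells HAPI to read it from `/run/secrets/`, so confirm the file is actually loaded. The `proxy` service pins `nginx:1.15-alpine`, a release line that has long been unsupported; a currently maintained tag would be safer for the TLS-terminating edge.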